And now for the how of developing web and mobile apps

As I pointed out in my last entry, the ability to field web and mobile applications is quickly becoming a business necessity for even small enterprises.

If you’re lacking the substantial developer expertise needed to accomplish that — and most smaller and midsize organizations are — than your best option is to search out an accomplished web/mobile app development services provider.

That, in a nutshell, is the how of developing web and mobile apps for those of us less than behemoth in size. Picking the right web/mobile app development services provider, then, is the challenge. To meet that challenge, you need to look for these capabilities in your provider:

Abundant knowledge about building three-tier web applications. Your provider’s software outsourcing expertise should include presentation layers and middle tier/business logic as well as such back-end databases as Microsoft SQL, IBM DB2, and Oracle. Your provider’s software engineers should know how to work with a variety of technologies, including WebLogic, Tomcat, JBoss, and Microsoft Web Server II and IIS. And they need to be experienced in many programming languages —e.g., HTML, XML, Java, JavaScript — with the ability to combine one or more technologies to achieve the best results.

Extensive experience in Microsoft .NET product development. This should range from Pocket PCs to Enterprise Server Clusters. Your development project should be guided by your provider’s senior project management teams. Your provider’s engineers should be expert in Microsoft and database technologies and have significant experience in developing software using Microsoft .NET, including ASP.NET as well as WebService, WebSphere, XML, and C++, among others.

Extensive experience in Java Enterprise Edition product development. Your provider should have years and years of expertise in building enterprise Java systems. Ask if your provider’s experts have built complete n-tier systems from concept to release. Find out if they’re experienced in designing, implementing, testing, and releasing JEE systems running on a variety of application servers, including JBoss, IBM WebSphere, WebLogic, Tomcat, Resin, and others. Have they implemented data layers that connect to the most widely used database systems, including Oracle, IBM DB2, and Microsoft SQL Server, as well as Hibernate and other data technologies? Have their implementations included a wide range of Web technologies, including JavaServer Pages, JavaServer Faces, Struts, and JRuby?

Deep competence in application security. For too long, application security was a poor stepchild in development circles, so make sure your web/mobile app development services provider treats it as the important development element that it truly is. Look for a provider who grasps that the arduous task of vulnerability identification and remediation often cannot be successfully addressed by limited IT security resources. You want a provider who uses a time-saving solution for all types of security testing (whether it’s outsourced, individual, or an enterprise-wide analysis) as well as for all types of users, including application developers, build managers, quality assurance (QA) teams, penetration testers, security auditors, and senior management.